Corporate Ethics Programs and Security

Rose Shyman added an ethics program to her duties as director of global security at American Standard Cos.

No, I can't say that there were any that surprised me at all. [In our benchmarking studies] we found that companies were quite comparable in the types of cases that [surfaced] through the hotline. I'm highlighting cases that came through the hotline, but we've also had other cases, a conflict-of-interest or fraudulent nature, that came [to our attention in other ways]such as through our audit and legal departmentsthat are certainly common to any business.

What have you learned from doing this?

I've certainly learned a lot about our culture here at American Standard. I think that the work we do around security and ethics has to be trickled down within the businesses. We've found that in all the work we're doing, the support we get from business leadersand the way in which they send those messagesis really critical. Over the years, our leaders have done a great job of sending these [ethics] messages, not only visuallythrough posters and wallet cardsbut also walking the talk, by modeling what we expect of our business leaders.

And in terms of the process?

We're continually looking to streamline, to make [the process] better for our people and for our business. For example, putting a prioritization process in place for turnaround. So [we can identify] cases that we need to address and investigate within 24 to 48 hours [versus 10 business days]. If it's a safety-related case or a crisis that could have a high-impact on the company's reputation and corporate brand, we would want to highlight it right when that e-mail is sent. And make a phone call to the right leaders to say, "This needs to be addressed immediately."

So there's a heightened level of prioritization and action that needs to take place [in] some cases. Otherwise it becomes sort of a routine, right? A case comes through, we get bogged down with e-mails. And that [crucial] e-mail might be sitting in someone's inbox. Maybe they don't see it for a day or two. It's [a matter of] putting a heightened level on a case that has to be investigated immediately.

Other thoughts?

It's not enough to provide a reporting channel; you have to understand the reporting [mechanism] in the context of why it's important. Our value statement was translated into 21 languages and made available to all of our 61,000 employees. As it relates to the security director, the way I would position it is that if you're not administering an ethics program as I am, there should be a [senior-level security representative] working very closely with audit and legal. Because the cases that come through typically have those three componentseither a security or safety component, a legal component, or an audit component. And I should also add HR to that.